The attached patch is against -mm3, and includes the suggestions Chris last sent out.

> I think encoding error, testing error, then returning hardcoded error is
> wasteful. I'd change alloc_task_security api to return NULL on ENOMEM....
> Do you need all those alloc_task_security's in there? Why not just one
> at the top?

Good points - cleaned these up.

> And are you convinced there's no leak on the other kmalloc
> failures?

Yes, they each get freed if this function is called again on the same item, and they get freed when the task closes. Unless I'm missing something...

if (is_jailroot_parent(nd->dentry, tsec->dentry, tsec->mnt)) {- bsdj_debug(WARN,"Attempt to chdir(..) out of jail!\n"- "(%s is a subdir of %s)\n",- tsec->dentry->d_name.name,- nd->dentry->d_name.name);+ bsdj_debug(WARN, "Attempt to chdir(..) out of jail!\n"+ "(%s is a subdir of %s)\n",+ tsec->dentry->d_name.name,+ nd->dentry->d_name.name); return -EPERM; }
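
Review bot: the bsdj_debug(WARN, ...) call in the is_jailroot_parent() branch fires on every denied chdir(..), so a jailed task can repeat the attempt and fill the log; consider rate limiting this message. The format string also has a "\n" in the middle, which splits one event across two log lines; putting both dentry names on a single line would make the record easier to match. The hunk itself only changes whitespace after "WARN," and the continuation indentation, so neither point is addressed by it.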